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Apstrakt 


Razvoj informacionih tehnologija i interneta i vrsenja krivicnih dela u tom novom 
okruzenju dovodi do pojave_ transnacionalnog, visokotehnoloskog kriminala. 
Nadlezna tela za borbu protiv kriminala u_ postizanju rezultata sputava 
tradicionalna podela na nacionalne jurisdikcije dok za izvrSioce dela tih 
ogranicenja nema. Sajber aktivnostima nanose se velike Stete i posledice fizickim 
ili pravnim licima, protivpravno prisvajaju finansijska sredstva i zaSticeni podaci. 
Specificnosti visokotehnoloskog kriminala zahtevaju_ specijalizaciju  drzavnih 
organa jer se u borbi protiv kriminala ne smeju ugroziti individualna prava, 
privatnost i slobode pojedinaca. Cilj ovog rada je da pokaze kako zakonodavstvo 
Evropske unije (EU) i aktivnosti njenth institucija unapreduju prevenciju, istragu 
i krivicno gonjenje izvrsilaca i grade kapacitete u pravosudu. Harmonizacija 
domaceg prava sa pravom EU u oblasti borbe protiv sajber kriminala predvidena 
Je Poglavljem 24. pregovora ,,Pravda, sloboda, bezbednost“. U odgovaranju na 
pitanje koji su pravni aspekti suprotstavljanja sajber kriminalu u EU koriscéeni su 
istorijsko-komparativni, metod analize sadrzaja i deduktivni metod. 


Kljucne reci: evropsko pravo, sajber kriminal, licni podaci. 


Uvod 


Visokotehnoloski kriminal, poznat 1 kao e-kriminal, kiberneti¢ki ili sajber 
kriminal, obuhvata skup krivi¢nih dela koja podrazumevaju upotrebu interneta, 
racunara ili nekih drugih elektronskih uredaja 1 pod taj pojam se mogu podvesti 
razliciti oblici kriviénih dela. ,,U Sirem smislu, to je kriminalna djelatnost u kojoj 
su racunar ili mreza izvor, sredstvo, predmet, cilj ili prostor krivicénog djela‘ 
(Romié et al, 2012). Pojedini oblici e-kriminala direktno su vezani za racunare, 
kao Sto su Sirenje opasnih elektronskih virusa ili pokretanje DoS napada (engl. 
Denial of Service Attack) koji onesposobljavaju racunarski sistem tako da on 
odbija da izvrsi bilo koju uslugu ovlaScenog korisnika, kada racunar postaje 
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predmet napada, dok kod ostalih oblika e-kriminala koji Cine prevare, govor 
mrznje, krivicna dela protiv intelektualne svojine, kao i proizvodnja, posedovanje 
i distribucija spornog materijala, uredaji 1 internet su sredstvo napada. Kod ove 
vrste kriminala pored predmeta 1 sredstva napada, specific¢no je 1 mesto izvrSenja, 
a to je paralelni, virtuelni prostor nastao povezivanjem viSe kompjutera u mreze 
pogodne za trazenje informacia ili za elektronsko poslovanje koji nazivamo 
sajber prostorom, pri Cemu je rec sajber (syber) grékog porekla 1 znaci nevidljivo, 
neupadljivo 1 neograniceno upravljanje. Upravo je ovaj skoro nevidljivi prostor i 
nepostojanje njegovih ogranicenja ono Sto usloznjava borbu protiv kriminalnih 
aktivnosti koje se preduzimaju (Bjelajac, Filipovic, 2021). Ove specificnosti uticu 
na otezano pravno regulisanje materije 1 problem u procesuiranju izvrSilaca, jer 
sajber kriminal najCeSce prevazilazi granice jedne drzave, odnosno vaze¢ceg 
teritoryalnog zakonodavstva. IzvrSiocima ove vrste protivpravnih delatnosti 
pogoduju slaba zaStita i generalno slaba svest korisnika na mrezama, ali 1 teSko¢e 
otkrivanju izvrSenja dela i u prikupljanju dokaza. Iz tog razloga, poslednjih 
decenija uocljiva je namera najveceg broja zemalja da kroz razlicite bilateralne 1 
mutiratelarne sporazume preduzimaju zajednicke akciyje kojim bi se udruzeno 
suprotstavile sajber kriminalu. Regulisanje sajber bezbednosti na nacionalnom i 
medunarodnom nivou doprinosi efikasnijem radu nadleznih tela na otkrivanju 
izvrSenih dela i ucinilaca, ali 1 preventivnom delovanju 1 sprecavanju vrSenja 
inkriminisanih radnji. Da bi se drzave adekvatno suprotstavile ovoj pretnji 
potrebno je njihovo povezivanje 1 jacenje saradanje 1 razmene informacia, ali i 
jacanje saradnje medu razlicitim sektorima unutar drzave. Pri tome, vazno je 
zastiti prava pojedinaca na privatnost (Perovic, 2018). Tek nakon toga moze se 
pristupati otkrivanju izvrSilaca krivi¢nih dela i izricanju adekvatnih sankcija za 
odgovorne, bez obzira da li se radi o fizi¢ékim ili pravnim licima. 


Prvi dokument kojim se sveobuhvatno nastojao reSiti problem sajber kriminala je 
Konvenciju o kiberneti¢kom kriminalu (Convention on Cybercrime, ETS 185), 
usvojena 23. novembra 2001. godine u Savetu Evrope. DonoSenju Konvencije 
prethodilo je usvajanje veceg broja preporuka kojim su se ¢lanice upozoravale na 
nove pretnje i izazove i zahtevala se njihova zajednic¢ka akcija. Konvencija je 
propisala krivi¢éna dela usmerena protiv poverljivosti, integriteta i dostupnosti 
racunarskih podataka i sistema, dajuci precizne definicije krivi¢nih dela, koje 
omogu¢éavaju vodenje krivi¢nih postupaka i uklanjaju opasnost od duplog 
gonjenja u viSe drzava. Vazan deo Konvencije o visokotehnoloskom kriminalu 
posvecen je obavezama drzava da stvore normativne pretpostavke za uvodenje 
dodatnih procedura i ovlaScenja, kako bi se omogu¢ilo efikasno otkrivanje i 
procesuiranje slucajeva kompjuterskog kriminala. Prvi koraci u tom postupku su 
otkrivanje dela i prikupljanje 1 obezbedenje dokaza. Ovim je postavljen okvir za 
pojedina nacionalna zakonodavstva da preciznije odrede obelezja 1 karakteristike 
pojedinih kriviénih dela u vezi racunara 1 sajber prostora, njihove osnovne, lakSe 
ili teze oblike, te da propisSu kriviéne sankcie za njihove ucinioce, bez obzira da li 
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se radi o fizickim ili pravnim licima. Srbija je potpisala Konvenciju Saveta 
Evrope o sajber kriminalu. Uz Konvenciju je, u Strazburu 28. januara 2005. 
godine, usvojen Dopunski protokol o zabrani akata rasisti¢ke i ksenofobi¢ne 
prirode ucinjenih posredstvom racunarskih sistema. Njen znacaj se ogleda 1 u 
Cinjenici da su joj pristupile 1 drzave koje nisu u Evropi, poput SAD, Kanade, 
Japana, Dominikanske Republike, Paname, Mauricijusa, Australije, Izraela, Sri 
Lanke 1 Juznafri¢ke Republike (Bejatovic, 2012). 


Pitanje bezbenosti u virtuelnom prostoru delimi¢no reguli8u 1 druge konvencije 
koje se ticu ove materije, poput: Konvencije o zaS8titi prava pojedinca u vezi sa 
automatskom obradom li¢nih podataka, Konvencije o zastiti dece od seksualne 
eksploatacije 1 seksualnog zlostavljanja, te Konvencije 0 sprecavanju terorizma. 


Rad na povezivanju drzava imala je i Organizacija Ujedinjenih nacija. Razlicita 
tela ove organizacije su, u skladu sa svojim ovlaScenjima, delovala u pravcu 
podizanja svesti i povezivanja Clanica u_ suprotstavljanju pretnjama koje 
visokotehnoloski kriminala predstavlja. Rezoluciya br. 55/2 Generalne skupStine 
UN od 18. septembra 2000. godine, poznata i kao Milenijumska deklaracija, medu 
ciljevima za nastupajuci milenijum navodi bezbedno 1 dostupno koiS¢enje novih 
tehnologija. Pored toga, Generalna skupStina usvojila je niz rezolucija koje se 
odnose na borbu protiv zloupotrebe informati¢kih tehnologija 1 medunarodnu 
internet sigurnost. 


Zadatak usaglaSavanja nacionalnih zakonodavstava u oblasti visokotehnoloskog 
kriminala i bezbednosti u_ sajber prostoru  Ujedinjene nacije dodeljuju 
Medunarodnoj telekomunikacionoj uniji (ITU), svojoj agenciji za _ pitanje 
informacionih i komunikacionih tehnologija (IKT). ITU je maja 2007. godine 
predstavila dokument pod nazivom Memorandum o globalnoj sajber bezbednosti 
(A Global Cybersecurity Agenda — GCA) u kom su navedeni osnovni problem i 
preporuke za poboljSanje bezbednosti. 


Takode, Ekonomsko-socijalni savet Ujedinjenih nacija, u julu 2007. godine, 
usvojio je Rezoluciju 2007/20, koja govori o medunarodnoj saradnji u oblasti 
prevencije, istrage, krivi¢nog progona 1 kaznjavanja privrednog kriminaliteta 1 
dela povezanih sa zloupotrebom identiteta. 

ReSavanju probelema visokotehnoloskog kriminala i pretnji po savremeno druStvo 


svojim unutraSnjim dokumentima su se bavile 1 mnoge druge organizacije, poput 
NATO, OSCD, OECD, ICANN, AU, ASEAN, OA (Pernik, 2014). 


Cilja rada i kori§¢éena metodologija 
Cilj rada je davanje odgovora na pitanje koji su pravni aspekti borbe protiv 
visokotehnoloskog kriminala u Evropskoj uniji (EU), jer suprotstavljanje 
visokotehnoloskom kriminalu ukljucuje razlicite oblasti, Cinioce 1 aspekte. Da bi 
se odgovorilo na to pitanje, potrebno je bilo definisati osnovne pojmove, prikupiti 
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podatke puterm istrazivanja, klasifikovati ih i analizirati. U tom procesu 
nametnula su se tri osnovna pitanja: 


1. Koji su dokumenti Evropske unije koji ureduju pravne aspekte borbe protiv 
visokotehnolosSkog kriminala? 

2. Na koji nacin je to uredeno? 

3. U kojoj meri je domaci pravni sistem uskladen sa evropskim? 


Nauéno istrazivanje pocetni je korak kojim se postoje¢a znanja verifikuju, a nova 
sti¢u, jer deskripcija dosadaSnjih aktivnosti predstavlja prvi korak kojim se 
potpuno, objektivno 1 sistemati¢no utvrduje polazno stanje, odnosno utvrduju se 
Cinjenice, dok je analiti¢ki metod kori8¢en za utvrdivanje njihove medusobne 
uslovljenosti 1 otkrivanje novih Cinjenica, njihovih relacia ili posledica. Analiza 
sadrzaja podrazumeva istrazivanje 1 razmatranje velikog broja pravnih izvora, 
imajuci u vidu razlicita tela Unie i njihova ovlaScenja da donose obavezujuce 
akte ali i dokumenta koja, mada nisu obavezujuca, imaju znacaj za kreiranje 
politike Unie 1 njenth Clanica. Pored akata koja usvajaju njeni organi, Evropska 
unija potpisuje 1 pristupa medunarodnim sporazumima koja se donose pod 
okriljem drugih medunarodnih organizacija, pre svega Organizacije Ujedinjenih 
nacija 1 Saveta Evrope. Sva ova pravila formiraju pravni okvir za borbu protiv 
visokotehnoloskog kriminala. U tom smislu, za potrebe pisanja ovog rada 
analizirani su sledeci tekstovi: 


- Komunike o stvaranju bezbednijeg informacionog druStva poboljSanjem 
bezbednosti informacione infrastrukture i borbom protiv kompjuterskog 
kriminala, (COM (2000) 890 final) 

- Okvirna odluka o borbi protiv prevare i fasifikovanja bezgotovinskih 
sredstava placanja, 2001/413/JHA 

- SaopStenje o bezbednosti mreze 1 informacija: Predlog pristupa politici EU 
(COM (2001)298 final) 

- Komunikacija o strategiji za bezbedno informaciono drustvo (COM 
(2006)251 final) 

- Komunikacija o borbi protiv nezeljene poste, Spijunskog softvera 1 
zlonamernog softvera (COM (2006)688 final) 

- Uredba EU/460/2004 o stvaranju Evropske agencije za bezbednost mreza 1 
informacija (ENISA) 

- Okvirna odluka EU 2005/222/JHA o napadima na informacione sisteme, 

- Direktiva 2002/58/EZ o koja se odnosi na obradu liénih podataka 1 zaStitu 
privatnosti u sektoru elektronskih komunikacija, 

- Odluka 2001/413/JHA oo borbi protiv prevare 1 _ falsifikovanja 
bezgotovinskih sredstava placanja, 

- Okvirna odluka EU 2004/68/JHA o seksualnoj eksploataciji dece 1 decijoj 
pornografiji u vezi sa decjom pornografijom objavljenom  kori8¢éenjem 
informacionih sistema 
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- Okvirna odluka EU 2008/913/JHA Odluka o borbi protiv rasizma i 
ksenofobie, 

- Direktiva 2006/24/EZ o zadrzavanju podataka u vezi sa pruzanjem javnih 
elektronskih komunikacionih usluga, 

- Okvirna odluka 2005/222/JHA o napadima na informacione sisteme, 

- Evropska bezbednosna _ strategija “Evropska unutraSnja__ strategija 
bezbednosti u akciji: pet koraka ka bezbednijoj Evrop1“, 

- Direktiva 2013/40/EU o napadima na informacione sisteme, 

- Evropska bezbednosna strategija ,,Bezbednij Evropa u boljem svetu“ 

- Predlog Uredbe za obezbedivanje pristupa 1 Cuvanja dokaza COM(2018) 
225 final- 2018/0108(COD) i 

- Predlog Direktive 0 imenovanju pravnih zastupnika COM/2018/226 final - 
2018/0107 (COD), 

- Direktiva EU/019/713 0 o borbi protiv prevare i fasifikovanja 
bezgotovinskih sredstava pla¢anja 

- Uredba EU/2019/881 0 ENISA (Evropskoj Agenciji za sajber bezebdnost) 
i oO informacionim i komunikacionim tehnologijama_sertifikacije sajber 
bezbednosti i izmeni Uredbe EU/526/2013. 


Nakon utvrdivanja polaznih osnova, pristupljeno je klasifikaciji podataka prema 
prirodi ili svojstvima. Sinteza prikupljenih znanja 1 iznoSenje rezultata istrazivanja 
dati su u fomi zakljucka da Uniya, u skladu sa svojim ovlaS¢enjima, radi na 
stvaranju koherentnog pravnog okvira koji obavezuje na delovanje razlicite 
aktere. 


Rezultati rada sa diskusijom 


Razvoj informacionog druStva i novih tehnologiya doprineli su konkurentnosti, 
privrednom rastu 1 lakSem zaposljavanju unutar Unie, ali su 1 izlozili pravna i 
fizi¢ka lica riziku od sajber napada. I, dok su Savet Evrope i Ujedinjene nacije 
ubrzano radili na definisanju visokotehnolosSkog kriminala 1 izradi metodologije 
za borbu protiv njega, Evropska unija je nije pokazivala nikakvo interesovanje za 
ovu oblast, kao da je ¢ekala da vidi ishod aktivnosti koje su se deSavale pod 
okriljem pomenute dve organizacije. Tek, naknadno, ona pocinje da usvaja 
legislativu koja za temu ima borbu protiv visokotehnoloskog kriminala. 
Vremenom, rad EU na uredenju okvira za bezbedno koriS8¢éenje racunara i 
virtuelnog prostora postaje sve znacajniji jer je siguran internet prostor od 
kljucnog zna¢aja za funkcionisanje i razvoj unutraSnjeg trziSta (De Hert et al, 
2006). Osnov za to nalazi se u Clanu 16. Ugovora o formiranju EU (UFEU), 
poznatom joS kao Lisabonski ugovor, koji uvodi poseban pravni osnov za 
donoSenje pravila koja se odnose na zaStitu pojedinaca u pogledu obrade li¢nih 
podataka od strane institucija Unie, od strane drzava Clanica kada obavljaju 
aktivnosti koje spadaju u delokrug prava Unije, i pravila koja se odnose na 
slobodno kretanje takvih podataka. PoSto Unija ima pre svega_politi¢ko- 
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ekonomski karakter, njene osnovne oblasti delovanja su saradnja policijskih i 
pravosudnih tela u toj borbi 1 razvoj medunarodne saradnje, ali 1 usvajanje 
domacih pravnih normi u drzavama Clanicama koje Ce stvoriti adekvatne i 
efikasne pravne instrumente za suprotstavljanje sajber kriminalu, koje ¢e biti 
primenjive, racionalne, efikasne i pravicne (Bejatovic, 2012). 


Prvi dokument usvojen 2001. godine pod nazivom ,,Komunike o stvaranju 
bezbednijeg informacionog drustva poboljSanjem bezbednosti informacione 
infrastrukture 1 borbom protiv kompyjuterskog kriminala“ predlaze saradnju u 
mnogim oblastima, a posebno izmenu zakonodavstva kojim bi se obuhvatila dela 
visokotehnoloskog kriminala i usaglasila kaznena politika Clanica u pogledu tih 
dela, kao 1 medusobno priznanje izrecenih presuda. Ovo je bio vazan, prvi korak, 
jer do tada mnogim zemljama krivicna dela vezana za visokotehnoloski kriminal 
nisu postojala. Naveden je i zna¢aj saradnje svih zainteresovanih u prikupljanju 1 
ocuvanju dokaza jer to nije pitanje koje se iskljucivo ti¢ée pravosudnih organa, vec 
1 privrede i pojedinaca. Ovako postavljen komunike doveo je do pokretanja niza 
aktivnosti 1 usvajanja novih dokumenata, medu kojim je prvi bila Okvirna odluka 
o borbi protiv prevare i fasifikovanja bezgotovinskih sredstava placanja kojom su 
se zaStitila sva placanja unutar Unie. 


Agencija EU za saradnju pravosudnih institucija drzava Clanica u krivi¢nim 
stvarima (EUROJUST) osnovana je radi borbe protiv prekograni¢nog kriminala i 
organizovanih kriminalnih grupa. U sklopu mandat EUROJUST osnovana je 
jedinica za saradnju izmedu tuzilaStava za borbu protiv razlicitih oblika kriminala 
medu kojim je bio i sajber kriminal. Postignut je dogovor o izdavanju Evropskog 
naloga za hapSenje (EAW). Mehanizam izdavanja i reagovanja po evropskom 
nalogu za hapSenje jedan je od od najznacajnih instrumenata koji evropsku 
pravosudnu saradnju ubrzava i pospeSuje. Medu krivi¢énim delima za koja je 
moguce izdati EAW, navedeni su sajber kriminal, prevare tokom bezgotovinskog 
placanja i falsifikovanje (Wennerstrém, 2010). 


SaopStenje 0 bezbednosti mreze 1 informacija (COM (2001)298 final) prvi je 
formulisani predlog za politiku EU. Politika sajber bezbednosti je od tada 
razvijena kroz niz akcija, kojima se predstavlja_ strategiji za bezbedno 
informaciono druStvo, bori protiv nezeljene poste, Spijunskog softvera 1 
zlonamernog softvera i koji dovode do stvaranja Evropske agencije za sigurnost 
na mrezi (ENISA) 2004. godine. Pored konkretnih reSenja koja su ponudena za 
uocéene probleme, znacaj ovih aktivnosti je bio u podizanju svesti o znacaju 
problema sigurnosti na internetu, saradnji 1 odgovornyem  koriScenju 
informacionih tehnologija. Komunikacije su bile osnov za usvajanje novih 
dokumenata kojima se nastalo preduprediti izvrSenje dela ili spreciti nastajanje 
znacéajnih posledica. 


Okvirna odluka EU 2005/222/JHA o napadima na informacione sisteme od 24. 
februara 2005. godine kao osnovni cilj postavlja unapredenje saradnje izmedu 
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pravosudnih i drugih nadleznih organa, ukljucujuci policiju i druge 
specijalizovane sluzbe za provodenje zakona, kroz priblizavanje nacionalnih 
pravila krivi¢énog prava u oblasti napada na informacione sisteme. Odluka je 
predvidela rok od dve godine za svoju implementaciju, isti¢uci time hitnost u 
postupanju nadleznih organa Clanica da bi unapredile saradnju i pocele da 
razmenjuju sve relevantne informacije 1 uspostavljaju operativne kontaktne ta¢ke 
koje rade bez prestanka. Predstavlja pokuSaj prevazilazenja znacajnih praznina 1 
razlika u nacionalnim zakonima, koje su otezavale policijsku 1 pravosudnu 
saradnju u borbi protiv organizovanog kriminala i terorizma. Odluka sledi pristup 
koji ima Konvencija Saveta Evrope, 1 zahteva od drzava ¢lanica EU da 
kriminalizuju namerni, nezakonit pristup informacionim sistemima, nezakonito 
meSanje u sistem i nezakonito preuzimanje podataka. Takva dela moraju biti 
kaznjena delotvornim, srazmernim 1 odvracajucim krivi¢énim kaznama, a krivi¢no 
delo u kontekstu kriminalne organizacije, koje prouzrokuje zna¢ajan gubitak ili 
utice na bitne interese, se mora smatrati otezavajucom okolnosti. 


EU se prvi put pozabavila nezeljenom e-postom u svojoj Direktivi 2002/58/EZ o 
privatnosti i elektronskim komunikacijama koja se odnosi na obradu li¢nih 
podataka 1 zaStitu privatnosti u sektoru elektronskih komunikacija, navodeci da 
jedinstveno trzi8te zahteva uskladen pristup u ovoj oblasti jer obim neZeljene 
poste moze izazvati poteSkoce za elektronske komunikacione mreze 1 opremu. Pri 
tome nije relevantno da li se pretplatnicima veb-sajtova ili elektronskih oglasnih 
tabli naruSavanje privatnosti nezeljenom komunikacijom u_ svrhe direktnog 
marketinga, vrsi putem sredstava automatizovanih maSina za pozivanje, faksova 1 
e-poste, ili SMS poruka. Paralelno sa zaStitom podataka 1 borbom protiv prevare i 
falsifikovanja bezgotovinskih sredstava placanja, Evropska unija se bori protiv 
seksualne eksploatacije dece i decije pormografije objavljene koriScenjem 
informacionih sistema i protiv bilo kog oblika rasizma i ksenofobije. 


Usledilo je usvajanje nekoliko preporuka Clanicama u razli¢itim formama, od 
kojih je najznaéajnija bila Direktiva 2006/24/EZ o zadrzavanju podataka u vezi sa 
pruzanjem javnih elektronskih komunikacionih usluga i izmeni Direktive 
2002/58/EZ, Sto je bio vazan korak ka uspostavljanju harmonizovanog sistema za 
prikupljanje 1 skladiStenje podatke o saobracaju u EU, 1 Okvirna odluka 
2005/222/JHA o napadima na informacione sisteme. Direktiva je usvojena na 
osnovu zakljucaka Saveta za pravosude 1 unutraSnje poslove od 19. decembra 
2002. godine, u kojima je posebno istaknuto da, zbog zna¢ajnog rasta mogucnosti 
koje pruzaju elektronske komunikacije, podaci koji se odnose na koriS¢enje 
elektronskih komunikacija su dragoceno sredstvo u prevenciji, istrazi, otkrivanju i 
kriviénom gonjenju kriviénih dela, posebno organizovanog kriminala. Okvirna 
odluka, s druge strane, bila je pokuSaj Evropske une da postigne minimalni nivo 
priblizavanja u pogledu tri kompjuterska kriviéna dela (nezakonit pristup 
informacionim sistemima, nezakonito ometanje sistema, nezakonito ometanje 
podataka), cije se definicije u velikoj meri zasnivaju na onim iz Konvencije 
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Saveta Evrope o sajber kriminalu. Medutim, iznenadujuce je da Okvirna odluka 
nye dostigla viSi nivo priblizavanja nego Sto je postigla Konvencija Saveta Evrope 
u pogledu primenljivih sankcija. Clan 6. Okvirne odluke predvida niz 
,minimalnih-maksimalnih“ sankcija, koje za nezakonito ometanje sistema 1 
nezakonito ometanje podataka moraju biti izmedu | 1 3 godine zatvora. Od drzava 
¢lanica je zatrazeno da implementiraju ove odredbe do kraja 2007. godine. 
Uprkos razlicitim dokumentima 1 pokuSajima stvaranja koherentnog sistema koji 
bi olakSao Clanicama povezivanje, saradnju i usglaSavanje aktivnosti u za8titi 
pojedinaca, kompaniya i institutclja od sajber napada, zna¢ajniji rezultati su 
izostali zbog strukture 1 organizacije Evropske zajednice. Usvajanjem Ugovora o 
funkcionisanju Evropke unije (Lisabonski ugovor - UFEU), Uniji su data nova 
ovlaScenja 1 mogucnosti za delovanje na polju unutraSnje bezbednosti. Odmah po 
stupanju na snagu Lisabonskog ugovora usvojeni su Stokholmski program 2009. 
godine 1 Strategija unutraSnje bezbednosti pocetkom 2010. godine (Nikodinovska- 
Stefanovska, Durovski, 2012). Krajem 2010. godine, Evropska komisija je u 
saradnji sa Evropskim parlamentom i Savetom Evropske unije izradila dokument 
pod nazivom “Evropska unutraSnja strategija bezbednosti u akciji: pet koraka ka 
bezbednijoj Evropi‘, navodeci da sistem bezbednosti sajber prostora ima pet 
strateSkih prioriteta: postizanje elasticnosti, u smislu da se sistemi automatski 
vracaju u normalno stanje nakon incidenta, zna¢ajno smanjenje sajber kriminala, 
razvoj politike sajber odbrane 1 kapaciteta saglasnih Zajednickoj bezbednosnoj 1 
odbrambenoj politici (Common Security and Defence Policy - CSDP), razvoj 
industrijskih 1 tehnoloSkih resursa za sajber bezbednost 1 uspostavljanje povezanih 
medunarodnih politika sajber bezbednosti za Uniyu 1 promovisanje osnovnih 
vrednosti Evropske unije. 


Najambiciozniji instrument EU usvojen u tom periodu je Direktiva 0 napadima na 
informacione sisteme (2013/40/EU) od 12. avgusta 2013. godine kojom se 
potencira bezbednosti mreza i informacija (NIS) 1 uvodi obaveza izveStavanja o 
incidentima za privatni sektor (ukljucujuci operatere osnovnih usluga 1 digitalnih 
usluga). Direktiva propisuje mere za osiguranje visokog zajednickog nivoa 
mrezne i informacione bezbednosti Sirom Unie, kojim se od zemalja Clanica 
zahteva izrada nacionalne strategije za mreznu 1 informacionu bezbednost (NIS), 
kao i kooperacioni plan kojima se omogu¢ava sprovodenje NIS. Clanice su u 
obavezi da formiraju stru¢ne nacionalne timove, pre svega tim nadlezan za 
kompjuterske incidente (Computer Emergency Response Team — CERT) koji po 
uspostavljanju saraduju sa policijskim agencijama na prevenciji, otkrivanju 1 
odgovoru na sajber napade, ali 1 zadatkom da razviju nacionalne planove za 
nepredvidene situacije. Za instituclye EU, 2012. godine, uspostavljen je CERT- 
EU. Razvija se Evropski sistem za razmenu informacija i upozorenja (European 
information sharing and alert system - EISAS) kao mreza kontakata medu 
Clanicama i drugim relevantnim telima. U drzavama ¢Clanicama formiraju se 
Nacionalni kompetentni autoriteti, kao najznacajnije domace institucije sa 
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zadatkom da prate primenu Direktive na nacionalnom nivou i saraduju sa istim 
telima drugih drzava Clanica, bezbednosnim sluzbama 1 telima za zaStitu podataka, 
kao 1 da postupaju po primljenim obaveStenjima o incidentima koje im upute 
javna administracija i javni operateri telekomunikacionih 1 informacionih usluga. 
Pored osnovna dva tela, svaka drzava Clanica moze da formira: telo za 
informacionu bezbednost (IAA), telo za TEMPEST (TA), telo za odobravanje 
kriptografskih reSenja (CAA) 1 telo za distribuciju kriptografskih materijala 
(CDA). 


Strategija nacionalne bezbednosti predstavlja opSte programsko stanoviSte jedne 
drzave u oblasti njene bezbednosti (Nedeljkovi¢, Forca, 2018). EU je usvojila 
Evropsku strategiju bezbednosti ,,Bezbednija Evropa u boljem svetu“ (A safer 
Europe in a better world, European security strategy) 2013. godine sa ciljem 
jacanja sajber bezbednosti javne administracije 1 kriti¢ne infrastrukture u kojoj 
isti¢e potrebu za razvitkom strateSke kulture radi rane 1 brze intervencije u 
situaciljama kada je bezbednost na bilo koji nacin ugrozena. Strategija ima tri 
poglavlja: analizu bezbednosnog okruzenja, u kojem su predstavljeni globalni 
izazovi 1 klju¢ne pretnje; definisanje strateSkih ciljeva 1 procena politi¢kih 
implikacija za Evropu i usmerena na borbu protiv visokotehnolosSkog kriminala 
kroz fokusiranje na partnerstvo sa privredom 1 izgradnju kapaciteta unutar drzava 
¢lanica za suprotstavljanje sajber napadima (Carrapico, Barinha, 2018). U okviru 
postojecih struktura EUROPOL, Unija je 2013. godine, osnovala Kriminalisticki 
centar za visoke tehnologije (E/C3), putem kog drzave Clanice i institutcije Unie 
izgraduju 1 unapreduju operativne 1 analitic¢ke kapaciteta za sprovodenje istraga 1 
saradnju sa medunarodnim partnerima. Centar saraduje sa Evropskom agencijom 
za bezbednost mreza 1 informacija (European Network and Information Security 
Agency - ENISA) kao 1 mrezom nacionalnih timova za racunarske incidente 
(CERTs). Evropska agencija za mreznu i informacionu bezbednost (ENISA) 
formirana je 2004. godine Uredbom Evropske komisije 1 Saveta broj EZ/460/2004 
sa ograni¢enim mandatom koji se od tog dana produzavao. U aprilu 2019. godine 
doneta je nova Uredba kojom je ENISA preimenovana u Evropsku agenciju za 
sajber bezbednost 1 data su joj nova ovlaS¢enja 1 dodata nova tela. SediSte 
Agencije je u Atini, ima status pravnog lica, a finansira se od sredstava 1z budzeta 
Evropske uniye, sredstava trecih zemalja koje ucestvuju u radu Agencije, kao i 
donacija drzava Clanica u novcu ili naturi. Prvobitni zadatak ENISA da vrsi 
poslove radi uspostavljanja visokog nivoa bezbednosti mreza i podataka u 
Evropskoj uniji, podizanja svesti o informacionoj bezbednosti i razvoja i 
promovisanja kulture bezbednosti mreza i podataka za dobrobit gradana, 
potroSacéa, preduzeca 1 organa javne vlasti Evropske une proSiren je pogledu 
sertifikacije sajber bezbednosti. U svakoj od drzava ¢lanica ENISA ima najSiru 
poslovnu sposobnost koja pravna lica imaju po unutraSnjem pravu Clanice 1 moze 
da zakljucuje ugovore u skladu sa pravom koje se primenjuje na konkretan 
ugovorni odnos. OvlaScena je da saraduje sa trecim zemljama 1 medunarodnim 
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organizacijama radi promovisanja medunarodne saradnje u oblasti bezbednosti 
mreza 1 podataka. Organi ENISA su: Upravni odbor, IzvrSni odbor, izvrsni 
direktor, Stalno telo zainteresovanih strana (koje ukljucuje predstavnike 
akademske zajednice, privrede 1 potroSaéa) 1 ad hoc radne grupe. Od 2019. godine 
postoji 1 stalno telo koje Cine nacionalni oficiri za vezu, a ENISA je odgovrna za 
Semu sertifikacije za sajber bezbednost za proizvode, usluge i procese za podrsku 
jedinstvenom digitalnom trzistu.. Evropski parlament, Savet, Evropska komisija 1 
nadlezna regulatorna tela drzava ¢lanica mogu da podnose zahteve za savete i 
podrsku. 


Savet Evropske unije, u junu 2017. godine, odobrio je Set alata za sajber 
diplomatiju sa krajnjim ciljem da ojacéa aktivnosti EU 1 potencira koordinisan 
odgovor u slucaju sajber napada protiv evropskih ciljeva. Najvazniji akteri u ovoj 
oblasti, u skladu sa tim setom su: Evropska agencija za bezbednost mreza i 
informacija (ENISA), Evropska policijska kancelarilja (EUROPOL) ukljucujuci 
Evropski centar za sajber kriminal (E/C3) 1 Evropska odbrambena agencija 
(EDA). Evropska komisija, 1zvrsno telo EU, ukljucena je u formulisanje politike 
sajber bezbednosti Unije, prioriteta 1 ciljeva preko Generalnog direktorata za 
unutraSnje poslove (DG Home) koji je odgovoran za saradnju policye 1 krivicnog 
pravosuda 1 nadgleda aktivnosti Evropola, dok je njegov deo DG Connect zaduzen 
za zastitu kriti¢ne infrastrukture 1 nadgleda aktivnosti ENISA. EDA je zaduzena 
za dalji razvoj sajber sposobnosti EU zajedno sa Vojnim Stabom EU (EUMS). 
Jedinica za pravosudnu saradnju (EUROJUST) ima ulogu u borbi protiv sajber- 
kriminala_ olakSavajuci saradnju medu _ tuziocima. DvogodiSnji projekat 
COURAGE (Cibercrime and Ciberterrorism European Research Agenda) iz 
Sedmog okvirnog programa EU isporu¢io je sveobuhvatnu agendu istrazivanja 1 
uskladenu mapu puta na osnovu saradnje sa 17 organizacija iz 12 evropskih 
zemalja na terenu. Konaéni rezultati projekta objavljeni u maju 2016. godine 
identifikovali su nedostajuca reSenja za bolju primenu postojecih pravila 1 
preporucili njihovu korekciju (Jerman-Blazié et al, 2016). 


Zbog potrebe pvezivanja Unije sa drugim akterima u_ borbi_protiv 
visokotehnoloskog kriminala Evropska komisija je 2018. godine predstavila 
osnove za dva seta pregovora, sa Sjedinjenim Drzavama (SAD) 1 za Drugi dodatni 
protokol uz ,,BudimpeStansku“ konvenciju Saveta Evrope o sajber kriminalu. Oba 
dokumenta predvidaju snazne mere za&tite podataka 1 privatnosti, a ticu se 
obezbedenja prekogranicnog pristupa elektronskim dokazima u_ krivi¢énim 
istragama. U pregovorima sa SAD predlaze se uvodenje obavezujuceg evropskog 
naloga za dostavljanje 1 evropskog naloga za ¢uvanje dokaza. Oba naloga mora 
izdati ili overiti pravosudno telo drzave Clanice. Moze se izdati nalog kojim se 
trazi Cuvanje ili dostavljanje podataka koje pohranjuje pruzalac usluga koji se 
nalazi u drugoj drzavi, a koji su potrebni kao dokaz u kriminalnim istragama ili 
postupcima. Drugim aktom, uvodi se obaveza da pruzaoci usluga imenuju 
pravnog zastupnika u Uniji koji ¢e osigurati prijem, poStovanje 1 izvrSavanje 
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odluka kako bi nadlezna nacionalna tela mogla prikupiti dokaze u kriviénim 
postupcima. Smanjenjem prepreka koje proizlazi iz toga osiguralo bi se bolje 
funkcioniranje unutraSnjeg trziSta na nacin koji je dosledan s razvojem 
zajednickog podru¢ja slobode, sigurnosti i pravde. 


Znacéajan iskorak u borbi protiv sajber kriminala je Direktiva 2019/713/EU o 
prevarama pri bezgotovinskom placanju, kojom se azurira pravni okvir, uklanjaju 
prepreke za operativnu saradnju 1 pove¢ava prevencija i pomo¢é zrtvama, kako bi 
radnje za sprovodenje zakona protiv prevara 1 falsifikovanja bezgotovinskih 
sredstava placanja bile efikasnije. Poslednji u nizu akata koji su vezani za 
sigurmmost na internetu je Privremeni propis za regulisanje obrade li¢nih 1 drugih 
podataka sa ciljem borbe protiv seksualne zloupotrebe dece od 10. septembra 
2020. godine nastao na osnovu Direktive 2002/58/EZ. 


Republika Srbija usvojila je Zakon o organizaciji 1 nadleznosti drzavnih organa za 
borbu protiv visokotehnoloskog kriminala (VTK Zakon) 2005. godine, kojim je 
uspostavljen institucionalni okvir za borbu protiv sajber kriminala jer je Zakon 
predvideo formiranje specijalizovane jedinice MUP, kao 1 posebnih sudskih 1 
tuzilackih tela za borbu protiv visokotehnoloskog kriminala, Posebno tuzilaStvo za 
visokotehnoloski kriminal kao deo ViSeg javnog tuzilaStva u Beogradu, Visi sud 
kao prvostepeni sud, 1 Apelacioni sud u Beogradu kao drugostepeni sudski organ. 
Zakon je donet posle usvajanja BudimpeStanske konvencije 1 Dodatnog protokola 
bio je uskladen sa njima, ¢ime je pocela primena medunarodnih standarda vaznih 
za ovu oblast. Kriviénim zakonik Republike Srbije usvojen 2005 godine, u pravni 
sistem uvodi kompjuterska krivi¢éna dela. Narodna skupStina Republike Srbije 
pocetkom 2009. godine posebnim zakonima atifikovala BudipeStansku 
konvenciju 1 Dodatni protokol, ali i usvojila nove i dopunila postojece zakonske 1 
podzakonske akte od znacaja. U skrining izveStaju za Poglavlje 24 ,,Pravda, 
sloboda, bezbednost* koji je uraden 2014. godine nalaz Evropske komisie je bio 
da se Srbiya nalazi medu zemljama u kojim je rizik od sajber napada ve¢i zbog 
cega je neophodno nastaviti rad na osposobljavanju nadleznih tela za porbu protiv 
tih napada, ali 1 na podizanju svesti korisnika o rizicima kojim su izlozeni 
(Krivokapic, Petrovski, 2016). 


Zakonom o elektronskim komunikacijama prvi put su ureduni uslovi i nacin za 
obavljanje delatnosti u oblasti elektronskih komunikacija, nadleZnosti drzavnih 
organa, kao 1 zaSstitu prava korisnika 1 pretplatnika, bezbednost i integritet 
elektronskih komunikacionih mreza 1 usluga, tajnost elektronskih komunikacija, 
zakonito presretanje 1 zadrzavanje podataka, kao 1 druga pitanja od znacaja za 
funkcionisanje 1 razvoj elektronskih komunikacija u Republici Srbiji. Zakon je 
usvojen sa namerom da se za8titi privatnost korisnika od nedozvoljenog pristupa 
njihovim digitalnim zapisima i podacima sa njihovih profila (Darijevic, 2021). 


Pored zakonskih i podzakonskuih akata, usvojena je Strategija razvoja 
informacionog druStva 2010 - 2020. godine i uradena procena pretnje od teSkog 1 
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organizovanog kriminala u Srbiji (Serious and Organised Crime Threat 
Assessment - SOCTA) 2015. godine. Procena je strateSki dokument koji razmatra 
razlicite oblike teSkog i organizovanog kriminala, ukljucujuci i sajyber kriminal, 
koji daje osnovu za operativni rad policija u skladu sa postojecim trendovima 
(Krivokapi¢, Petrovski, 2016). 


Zakon o informacionoj bezbednosti koji je stupio na snagu u februaru 2016. 
godine, odnosi se na pravna lica. Propisano je osnivanje institucija medu kojima je 
najznacajniji Nacionalni centar za prevenciju bezbednosnih rizika u IKT 
sistemima, domaci CERT tim. Njemu je dato u nadleznost prikupljanje 
informacija, klasifikacija informacija o incidentima i rizicima, podizanje svesti 
kod gradana 1 saradnja sa javnim 1 privrednim subjektima (Duki¢é, 2018). Nakon 
toga, u martu 2016. godine, osnovano je Telo za _ koordinaciju poslova 
informacione bezbednosti, ime se Republika Srbija ukljucila u mrezu nacionalnih 
tela za razmenu informacija i borbu protiv kriminala kako je to propisano 
Direktivom 2013/40/EU. 


Zakljucak 


Informaciona bezbednost je definisana kao skup mera koje omogu¢éavaju da 
podaci kojima se rukuje putem kompjuterskih sistema budu zasti¢eni od 
neovlaS¢enog pristupa, kao 1 da se zaStiti integritet, raspolozivost, autenticnost 1 
neporecivost tih podataka, da bi taj sistem funkcionisao kako je predvideno, kada 
je predvideno 1 pod kontrolom ovlas¢enih lica. PoSto EU, za razliku od nekih 
drugih organizacija, nema kapacitet da pruzi direktnu pomoé Clanicama koje su 
pod sajber napadom, ona deluje kao posrednik koji pomaze u razmeni znanja 1 
iskustva 1 podrzava usvajanje najbolje prakse za pojedina¢ne probleme. Uloga 
koyu EU ima u pogledu obuke, saradnje i povezivanja Clanica u borbi protiv 
visokotehnoloskog kriminala, kao 1 privatno-javno partnerstvo koje se pokazuje 
neizostavnim u uspeSnom otkrivanju, prikupljanju i Cuvanju dokaza, koje je u 
Uniji osnovni nacin delovanja povecava znac¢aj EU u borbi protiv sajber 
kriminala. Oslanjanjuci se na ovlaScenja koja je dobila Lisabonskim ugovorom 
(UFEU) Uniya sistemati¢no stvara jedinstven pravni okvir kojim se u potpunosti 
identifikuju odgovorni za suprotstavljanje sajber napadima, usaglaSava 1 
dopunjuje materijalno 1 procesno kriviéno pravo Clanica, 1 tako pojacava sistem 
unutraSnje bezbednosti Unije kao celine. 


Srbija je potpisala Konvenciju Saveta Evrope o sajber kriminalu i u velikoj meri 
je uskladila svoje zakonodavstvo sa Direktivom o napadima na informacione 
sisteme 1z 2013. godine. Potrebne su izmene i dopune zakona, posebno u delu koji 
se odnosi na obezbedenje 1 prikupljanje dokaza 1 na sankcije, kako bi u potpunosti 
zakonodavstvo bilo uskladeno sa regulativom EU. U IzveStaju o napretku Srbije u 
2014 1 2015, Komisija EU je istakla da je neophodno da se dodatno uskladi pravni 
okvir koji se odnosi na decju pornografiju. Jedan od zahteva je bilo i usvajanje 
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strategie o visokotehnoloskom kriminalu. Vlada Srbije je Akcionim planom za 
Poglavlje 24 obezbedila mere kojim ¢e uskladiti svoje zakone sa zakonodavstvom 
1 standardima Evropske unite za borbu protiv visokotehnoloskog kriminala kroz 
analizu postojec¢eg zakonskog okvira, izradu nacrta zakona i drugih propisa na 
osnovu analize u cilju poboljSanja organizacionih, ljudskih i tehnickih kapaciteta 
organa zaduzenih za borbu protiv visokotehnoloSkog kriminala, a pre svega obuka 
zaposlenih u Posebnom javnom tuzilaStvu 1 policijskoj jedinici za 
visokotehnoloski kriminal. Akcionim planom za Poglavlje 24 predvidena je i 
dodatna specijalizovana obuka u cilju jacanja kapaciteta drzavnih organa 
odgovornih za borbu protiv visokotehnoloskog kriminala. Unutar Odeljenja za 
visokotehnoloski kriminal MUP uspostavljene su specijalizovane jedinice za 
istrage zloupotreba kreditnih kartica, internet trgovine i internet bankarstva i 
jedinica za suzbijanje ilegalnog 1 Stetnog sadrzaja na internetu Sto bi trebalo 
doprineti kvalitetnijem vodenju istraga 1 prikupljanju dokaza. Navedenim 
izmenama zakonodavstva i osnivanjem nacionalnih tela, Srbija je ispunila 
minimum uslova predviden pravnim okvirom Unye za suprotstavljanje sajber 
napadima. 


Pored strucénih tela koja se bave otkrivanjem 1 gonjenjem ucinilaca krivi¢nih dela, 
neophodna je saradnja izmedu privatnog 1 javnog sektora, organizacija civilnog 
drustva koja se bave visokotehnoloskom bezbednosti i borbom _protiv 
visokotehnoloskog kriminala 1 akademske zajednice. Mnoge drzave su izuzetno 
spore 1 neadekvatno obucene za odgovor na ove pretnje, Sto se moze popraviti 
boljom medunarodnom razmenom iskustava i dosadaSnje prakse u_ polju 
bezbednosti u sajber prostoru, a Sto je olakSano usvajanjem velikog broja 
multilateralnih sporazuma. 
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Abstract 


The development of information technologies and the Internet and the commission 
of criminal acts in this new environment leads to the emergence of transnational, 
high-tech crime. Competent bodies for the fight against crime are hindered in 
achieving results by the traditional division into national jurisdictions, while there 
are no such restrictions for perpetrators. Cyber activities cause great damage and 
consequences to natural or legal persons, illegally appropriate financial 
resources and protected data. The specificities of high-tech crime require the 
specialization of state authorities because in the fight against crime, individual 
rights, privacy and freedoms of individuals must not be jeopardized. The aim of 
this paper is to show how the legislation of the European Union (EU) and the 
activities of its institutions improve the prevention, investigation and prosecution 
of perpetrators and build capacities in the judiciary. Harmonization of domestic 
law with EU law in the field of combating cybercrime is provided for in Chapter 
24 of the "Justice, Freedom, Security" negotiations. In answering the question of 
what are the legal aspects of combating cybercrime in the EU, historical- 
comparative, content analysis and deductive methods were used. 


Keywords: European law, cybercrime, personal data. 


Introduction 


High-tech crime, also known as e-crime, cybernetic or cybercrime, includes a set 
of criminal acts that involve the use of the Internet, computers or some other 
electronic devices, and various forms of criminal acts can be subsumed under this 
term. "In a broader sense, it is a criminal activity in which a computer or a 
network is the source, means, object, goal or space of a criminal act" (Romi ¢ et 
al, 2012). Certain forms of e-crime are directly related to computers, such as the 
spread of dangerous electronic viruses or the launch of DoS attacks (Denial of 
Service Attacks) that disable the computer system so that it refuses to perform any 
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service of the authorized user, when the computer becomes the object attacks, 
while in other forms of e-crime that include fraud, hate speech, crimes against 
intellectual property, as well as the production, possession and distribution of 
disputed material, devices and the Internet are a means of attack. In this type of 
crime, in addition to the object and the means of attack, the place of execution is 
also specific, which is a parallel, virtual space created by connecting several 
computers in networks suitable for searching for information or for electronic 
business, which we call cyber space, where the word is cyber (syber). of Greek 
origin and means invisible, inconspicuous and unlimited management. It is this 
almost invisible space and the absence of its limitations that complicates the fight 
against criminal activities that are undertaken (Bjelajac, Filipovic, 2021). These 
specificities affect the difficult legal regulation of the matter and the problem in 
prosecuting the perpetrators, because cybercrime most often exceeds the borders 
of one country, that is, the valid territorial legislation. Perpetrators of this type of 
illegal activities benefit from weak protection and generally low awareness of 
users on the networks, but also difficulties in detecting the commission of the act 
and in gathering evidence. For this reason, in recent decades, the intention of the 
largest number of countries to undertake joint actions through various bilateral 
and multilateral agreements to jointly oppose cybercrime is noticeable. The 
regulation of cyber security at the national and international level contributes to 
the more efficient work of competent bodies in the detection of committed acts 
and perpetrators, but also to preventive action and prevention of incriminated acts. 
In order for states to adequately oppose this threat, it is necessary to connect them 
and strengthen cooperation and exchange of information, but also to strengthen 
cooperation between different sectors within the state. In doing so, it is important 
to protect the rights of individuals to privacy (Perovic, 2018). Only after that can 
one approach the discovery of perpetrators of criminal acts and the imposition of 
adequate sanctions for those responsible, regardless of whether they are natural or 
legal persons. 


The first document that comprehensively attempted to solve the problem of 
cybercrime was the Convention on Cybercrime (ETS 185), adopted on November 
23, 2001 by the Council of Europe. The adoption of the Convention was preceded 
by the adoption of a number of recommendations warning the members of new 
threats and challenges and demanding their joint action. The Convention has 
prescribed criminal offenses directed against the confidentiality, integrity and 
availability of computer data and systems, providing precise definitions of 
criminal offences, which enable the conduct of criminal proceedings and eliminate 
the danger of double prosecution in several countries. An important part of the 
Convention on high-tech crime is devoted to the obligations of states to create 
normative assumptions for the introduction of additional procedures and powers, 
in order to enable effective detection and processing of computer crime cases. The 
first steps in that procedure are the discovery of the crime and the collection and 


194 


securing of evidence. This sets the framework for individual national legislations 
to more precisely determine the features and characteristics of individual criminal 
acts related to computers and cyberspace, their basic, lighter or more serious 
forms, and to prescribe criminal sanctions for their perpetrators, regardless of 
whether they are physical or legal entities. Serbia has signed the Council of 
Europe Convention on Cybercrime. Along with the Convention, in Strasbourg on 
January 28, 2005, the Supplementary Protocol on the prohibition of acts of a racist 
and xenophobic nature committed through computer systems was adopted. Its 
importance is also reflected in the fact that countries that are not in Europe joined 
it, such as the USA, Canada, Japan, the Dominican Republic, Panama, Mauritius, 
Australia, Israel, Sri Lanka and the Republic of South Africa (Bejatovi¢, 2012). 


The issue of safety in the virtual space is partially regulated by other conventions 
that concern this matter, such as: the Convention on the Protection of Individual 
Rights in Relation to the Automatic Processing of Personal Data, the Convention 
on the Protection of Children from Sexual Exploitation and Sexual Abuse, and the 
Convention on the Prevention of Terrorism. 


The United Nations also worked to connect countries. The various bodies of this 
organization, in accordance with their powers, acted in the direction of raising 
awareness and connecting members in opposing the threats posed by high-tech 
crime. Resolution no. 55/2 of the UN General Assembly of September 18, 2000, 
also known as the Millennium Declaration, lists the safe and accessible sharing of 
new technologies among the goals for the coming millennium. In addition, the 
General Assembly adopted a number of resolutions related to the fight against 
misuse of information technologies and international Internet security. 


The task of harmonizing national legislation in the field of high-tech crime and 
security in cyberspace is assigned by the United Nations to the International 
Telecommunication Union (ITU), its agency for the issue of information and 
communication technologies (ICT). In May 2007, the ITU presented a document 
called A Global Cybersecurity Agenda (GCA) which outlined the main problem 
and recommendations for improving security. 


Also, the Economic and Social Council of the United Nations, in July 2007, 
adopted Resolution 2007/20, which talks about international cooperation in the 
field of prevention, investigation, prosecution and punishment of economic crime 
and acts related to identity abuse. 


Many other organizations, such as NATO, OSCD, OECD, ICANN, AU, ASEAN, 
OA, have dealt with solving the problems of high-tech crime and threats to 
modern society with their internal documents (Pernik, 2014). 


The objectives of the work and the methodology used 
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The aim of the paper is to answer the question of what are the legal aspects of the 
fight against high-tech crime in the European Union (EU), because the fight 
against high-tech crime includes various areas, factors and aspects. In order to 
answer that question, it was necessary to define the basic terms, collect data 
through research, classify and analyze them. In that process, three basic questions 
arose: 


1. What are the documents of the European Union that govern the legal aspects 
of the fight against high-tech crime? 

2. How is it arranged? 

3. To what extent is the domestic legal system harmonized with the European 
one? 


Scientific research is the initial step by which existing knowledge is verified and 
new knowledge is acquired, because the description of previous activities is the 
first step in which the initial state is completely, objectively and systematically 
determined, that is, the facts are established, while the analytical method was used 
to determine their mutual conditioning and reveal new facts, their relations or 
consequences. Content analysis implies research and consideration of a large 
number of legal sources, bearing in mind the various bodies of the Union and their 
powers to enact binding acts as well as documents which, although not binding, 
have significance for the creation of the policy of the Union and its members. In 
addition to acts adopted by its bodies, the European Union signs and accedes to 
international agreements adopted under the auspices of other international 
organizations, primarily the United Nations and the Council of Europe. All these 
rules form the legal framework for the fight against high-tech crime. In this sense, 
for the purposes of writing this paper, the following texts were analyzed: 


- Communiqué on creating a safer information society by improving the 
security of information infrastructure and combating computer crime, (COM 
(2000) 890 final) 

- Framework Decision on combating fraud and counterfeiting of non-cash 
means of payment, 2001/413/JHA 

- Communication on Network and Information Security: Proposal for an EU 
Policy Approach (COM(2001)298 final) 

- Communication on a strategy for a secure information society (COM 
(2006)251 final) 

- Communication on combating spam, spyware and malware (COM 
(2006)688 final) 

- Regulation EU/460/2004 establishing the European Network and 
Information Security Agency (ENISA) 

- EU Framework Decision 2005/222/JHA on attacks on information 
systems, 
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- Directive 2002/58/EC on the processing of personal data and protection of 
privacy in the electronic communications sector, 

- Decision 2001/413/JHA on the fight against fraud and counterfeiting of 
non-cash means of payment, 

- EU Framework Decision 2004/68/JHA on the sexual exploitation of 
children and child pornography in relation to child pornography published using 
information systems 

- EU Framework Decision 2008/913/JHA Decision on the fight against 
racism and xenophobia, 

- Directive 2006/24/EC on the retention of data in connection with the 
provision of public electronic communication services, 

- Framework Decision 2005/222/JHA on attacks on information systems, 

- European Security Strategy "The European Internal Security Strategy in 
Action: Five Steps to a Safer Europe", 

- Directive 2013/40/EU on attacks on information systems, 

- European Security Strategy "A Safer Europe in a Better World" 

- Proposal for a Regulation on ensuring access to and preservation of 
evidence COM(2018) 225 final- 2018/0108(COD) and 

- Proposal for the Directive on the appointment of legal representatives 
COM/2018/226 final - 2018/0107 (COD), 

- Directive EU/ 019/713 about the fight against fraud and the facsification of 
non-cash means of payment 

- Regulation EU/2019/881 on ENISA (European Agency for Cyber 
Security) and information and communication technologies on cyber security 
certification and amendments to Regulation EU/526/2013. 


After determining the starting points, classification of data according to nature or 
properties was started. The synthesis of the collected knowledge and the 
presentation of the research results are given in the form of the conclusion that the 
Union, in accordance with its powers, is working to create a coherent legal 
framework that obliges various actors to act. 


Results of work with discussion 


The development of the information society and new technologies have 
contributed to competitiveness, economic growth and easier employment within 
the Union, but they have also exposed legal and natural persons to the risk of 
cyber attacks. And, while the Council of Europe and the United Nations worked 
rapidly to define high-tech crime and develop a methodology to combat it, the 
European Union did not show any interest in this area, as if it was waiting to see 
the outcome of the activities that took place under the auspices of the 
aforementioned two organizations. It is only later that it begins to adopt 
legislation that has as its theme the fight against high-tech crime. Over time, the 
work of the EU to regulate the framework for the safe use of computers and 
197 


virtual space is becoming more and more important because a safe Internet space 
is of key importance for the functioning and development of the internal market 
(De Hert et al, 2006). The basis for this is found in Article 16 of the Treaty on the 
Formation of the EU (TFEU), also known as the Treaty of Lisbon, which 
introduces a special legal basis for the adoption of rules related to the protection 
of individuals with regard to the processing of personal data by the institutions of 
the Union, by the states member states when performing activities that fall within 
the scope of Union law, and the rules relating to the free movement of such data. 
Since the Union has above all a political-economic character, its basic areas of 
action are the cooperation of police and judicial bodies in that fight and the 
development of international cooperation, but also the adoption of domestic legal 
norms in the member states that will create adequate and effective legal 
instruments for combating cybercrime, which will be applicable, rational, efficient 
and fair (Bejatovic, 2012). 


The first document adopted in 2001, entitled "Communiqué on the creation of a 
safer information society by improving the security of information infrastructure 
and combating computer crime", proposes cooperation in many areas, and in 
particular the amendment of the legislation, which would cover high-tech crimes 
and harmonize the criminal policy of the members regarding those actions, as well 
as mutual recognition of pronounced judgments. This was an important, first step, 
because until then, criminal offenses related to high-tech crime did not exist in 
many countries. The importance of the cooperation of all interested parties in the 
collection and preservation of evidence was also mentioned, because it is not an 
issue that only concerns the judicial authorities, but also the economy and 
individuals. The communiqué set in this way led to the initiation of a series of 
activities and the adoption of new documents, the first of which was the 
Framework Decision on the fight against fraud and the fasification of non-cash 
means of payment, which protected all payments within the Union. 


The EU Agency for the Cooperation of Judicial Institutions of the Member States 
in Criminal Matters (EUROJUST) was established to fight against cross-border 
crime and organized criminal groups. As part of the mandate of EUROJUST, a 
unit for cooperation between prosecutor's offices was established to combat 
various forms of crime, including cybercrime. An agreement was reached on the 
issuance of the European Arrest Warrant (EAW). The mechanism for issuing and 
responding to the European arrest warrant is one of the most important 
instruments that accelerates and enhances European judicial cooperation. Among 
the crimes for which an EAW can be issued are cybercrime, fraud during non- 
cash payments and forgery (Wennerstr6m, 2010). 


The Communication on Network and Information Security (COM (2001)298 
final) is the first formulated proposal for EU policy. Cybersecurity policy has 
since been developed through a series of actions, representing a strategy for a 
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secure information society, combating spam, spyware and malware and leading to 
the creation of the European Network Security Agency (ENISA) in 2004. In 
addition to the concrete solutions that were offered for the observed problems, the 
importance of these activities was in raising awareness of the importance of 
Internet security problems, cooperation and more responsible use of information 
technologies. The communications were the basis for the adoption of new 
documents that were created to prevent the commission of the act or to prevent the 
occurrence of significant consequences. 


EU Framework Decision 2005/222/JHA on attacks on information systems of 
February 24, 2005 sets as its main goal the improvement of cooperation between 
judicial and other competent authorities, including the police and other specialized 
law enforcement services, through the convergence of national rules of criminal 
law in areas of attacks on information systems. The decision provided for a 
deadline of two years for its implementation, thus highlighting the urgency in the 
actions of the competent authorities of the member states in order to improve 
cooperation and begin to exchange all relevant information and establish 
operational contact points that work non-stop. It represents an attempt to 
overcome significant gaps and differences in national laws, which hindered police 
and judicial cooperation in the fight against organized crime and terrorism. The 
decision follows the approach taken by the Council of Europe Convention, and 
requires EU member states to criminalize intentional, illegal access to information 
systems, illegal interference with the system and illegal downloading of data. 
Such acts must be punished by effective, proportionate and dissuasive criminal 
penalties, and a criminal offense in the context of a criminal organization, which 
causes significant loss or affects important interests, must be considered an 
aggravating circumstance. 


The EU addressed spam for the first time in its Directive 2002/58/EC on privacy 
and electronic communications relating to the processing of personal data and the 
protection of privacy in the electronic communications sector, stating that the 
single market requires a harmonized approach in this area because the volume of 
spam mail can cause difficulties for electronic communication networks and 
equipment. In doing so, it is not relevant whether subscribers of websites or 
electronic bulletin boards are violated by unsolicited communication for direct 
marketing purposes, by means of automated calling machines, faxes and e-mails, 
or SMS messages. In parallel with data protection and the fight against fraud and 
counterfeiting of non-cash means of payment, the European Union fights against 
sexual exploitation of children and child pornography published using information 
systems and against any form of racism and xenophobia. 


This was followed by the adoption of several recommendations to the members in 
different forms, the most significant of which was Directive 2006/24/EC on the 
retention of data in connection with the provision of public electronic 
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communication services and amendments to Directive 2002/58/EC, which was an 
important step towards the establishment of a harmonized system for the 
collection and storage of traffic data in the EU, and Framework Decision 
2005/222/JHA on attacks on information systems. The directive was adopted on 
the basis of the conclusions of the Council for Justice and Internal Affairs of 
December 19, 2002, in which it was particularly emphasized that, due to the 
significant growth of opportunities provided by electronic communications, data 
related to the use of electronic communications is a valuable tool in prevention, 
investigation, detection and prosecution of criminal acts, especially organized 
crime. The Framework Decision, on the other hand, was an attempt by the 
European Union to achieve a minimum level of convergence with regard to three 
computer crimes (illegal access to information systems, illegal interference of 
systems, illegal interference of data), the definitions of which are largely based on 
those of the Council Convention of Europe on cybercrime. However, it is 
surprising that the Framework Decision did not reach a higher level of 
convergence than the Council of Europe Convention in terms of applicable 
sanctions. Article 6 of the Framework Decision foresees a series of "minimum- 
maximum" sanctions, which for illegal interference of the system and illegal 
interference of data must be between | and 3 years in prison. Member States were 
asked to implement these provisions by the end of 2007. Despite various 
documents and attempts to create a coherent system that would make it easier for 
members to connect, cooperate and harmonize activities in protecting individuals, 
companies and institutions from cyber attacks, significant results were absent due 
to the structure and organization of the European Community. With the adoption 
of the Treaty on the Functioning of the European Union (Lisbon Treaty - UFEU), 
the Union was given new powers and opportunities to act in the field of internal 
security. Immediately after the entry into force of the Lisbon Treaty, the 
Stockholm Program was adopted in 2009 and the Internal Security Strategy in 
early 2010 (Nikodinovska-Stefanovska, Durovski, 2012). At the end of 2010, the 
European Commission, in cooperation with the European Parliament and the 
Council of the European Union, produced a document entitled "European internal 
security strategy in action: five steps towards a safer Europe", stating that the 
cyberspace security system has five strategic priorities: achieving elasticity, in the 
sense that systems automatically return to a normal state after an incident, a 
significant reduction in cybercrime, the development of a cyber defense policy 
and capabilities compliant with the Common Security and Defense Policy 
(CSDP), the development of industrial and technological resources for cyber 
security and the establishment related international cyber security policies for the 
Union and promoting the fundamental values of the European Union. 


The most ambitious EU instrument adopted during that period is the Directive on 
attacks on information systems (2013/40/EU) of August 12, 2013, which 
strengthens network and information security (NIS) and introduces the obligation 
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to report incidents for the private sector (including operators basic services and 
digital services). The directive prescribes measures to ensure a high common level 
of network and information security throughout the Union, which requires 
member states to develop a national strategy for network and information security 
(NIS), as well as a cooperation plan that enables the implementation of NIS. The 
members are obliged to form expert national teams, first of all a team responsible 
for computer incidents (Computer Emergency Response Team - CERT), which 
upon establishment cooperate with police agencies on the prevention, detection 
and response to cyber attacks, but also with the task of developing national plans 
for unforeseen situations. CERT-EU was established for EU institutions in 2012. 
The European information sharing and alert system (EISAS) is being developed 
as a network of contacts between members and other relevant bodies. In the 
member states, National Competent Authorities are formed, as the most important 
domestic institutions with the task of monitoring the implementation of the 
Directive at the national level and cooperating with the same bodies of other 
member states, security services and data protection bodies, as well as acting on 
received notifications of incidents that they are instructed by the public 
administration and public operators of telecommunication and information 
services. In addition to the two basic bodies, each member state can form: the 
Information Security Authority (IAA), the TEMPEST Authority (TA), the 
Cryptographic Solution Approval Authority (CAA) and the Cryptographic 
Material Distribution Authority (CDA). 


The national security strategy represents the general programmatic standpoint of a 
state in the area of its security (Nedeljkovi¢, Forca, 2018). The EU adopted the 
European security strategy "A safer Europe in a better world" (A safer Europe in a 
better world, European security strategy) in 2013 with the aim of strengthening 
the cyber security of public administration and critical infrastructure, in which it 
emphasizes the need for the development of a strategic culture for early and quick 
interventions in situations where security is threatened in any way. The strategy 
has three chapters: analysis of the security environment, in which global 
challenges and key threats are presented; defining strategic goals and assessing 
political implications for Europe and aimed at fighting high-tech crime by 
focusing on partnership with the economy and building capacity within member 
states to counter cyber attacks (Carrapico, Barinha, 2018). In 2013, within the 
framework of the existing structures of EUROPOL, the Union established the 
Criminal Center for High Technologies (E/C3), through which member states and 
institutions of the Union build and improve operational and analytical capacities 
for conducting investigations and cooperation with international partners. The 
center cooperates with the European Network and Information Security Agency 
(ENISA) as well as the network of national teams for computer incidents 
(CERTs). The European Agency for Network and Information Security (ENISA) 
was established in 2004 by Regulation of the European Commission and the 
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Council No. EC/460/2004 with a limited mandate that has been extended since 
that day. In April 2019, a new Regulation was adopted renaming ENISA to the 
European Cyber Security Agency and giving it new powers and adding new 
bodies. The headquarters of the Agency is in Athens, it has the status of a legal 
entity, and it is financed from funds from the European Union budget, funds from 
third countries that participate in the work of the Agency, as well as donations 
from member states in money or in kind. The original task of ENISA to carry out 
tasks for the purpose of establishing a high level of network and data security in 
the European Union, raising awareness of information security and developing 
and promoting a culture of network and data security for the benefit of citizens, 
consumers, businesses and public authorities of the European Union has been 
expanded in terms of cyber certification security. In each of the member states, 
ENISA has the widest legal capacity that legal entities have under the internal law 
of the member state and can conclude contracts in accordance with the law that 
applies to the specific contractual relationship. It is authorized to cooperate with 
third countries and international organizations in order to promote international 
cooperation in the field of network and data security. The bodies of ENISA are: 
Management Board, Executive Board, Executive Director, Permanent Body of 
Stakeholders (which includes representatives of the academic community, 
business and consumers) and ad hoc working groups. Since 2019, there is also a 
permanent body of National Liaison Officers, and ENISA is responsible for the 
cybersecurity certification scheme for products, services and processes to support 
the Digital Single Market.. The European Parliament, the Council, the European 
Commission and the competent regulatory bodies of the Member States can 
submit requests for advice and support. 


The Council of the European Union, in June 2017, approved the Cyber Diplomacy 
Toolkit with the ultimate goal of strengthening EU activities and enhancing a 
coordinated response in case of cyber attacks against European targets. The most 
important actors in this area, according to that set, are: the European Network and 
Information Security Agency (ENISA), the European Police Office (EUROPOL) 
including the European Cybercrime Center (E/C3) and the European Defense 
Agency (EDA). The European Commission, the EU's executive body, is involved 
in the formulation of the Union's cyber security policy, priorities and objectives 
through the Directorate General for Home Affairs (DG Home) which is 
responsible for police and criminal justice cooperation and oversees the activities 
of Europol, while its part is in charge of DG Connect for the protection of critical 
infrastructure and supervises the activities of ENISA. The EDA is in charge of 
further developing the EU's cyber capabilities together with the EU Military Staff 
(EUMS). The Judicial Cooperation Unit (EUROJUST) has a role in the fight 
against cybercrime by facilitating cooperation between prosecutors. The two-year 
project COURAGE (Cybercrime and Cyberterrorism European Research Agenda) 
from the EU's Seventh Framework Program delivered a comprehensive research 
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agenda and coordinated roadmap based on collaboration with 17 organizations 
from 12 European countries on the ground. The final results of the project 
published in May 2016 identified missing solutions for better application of 
existing rules and recommended their correction (Jerman-Blazi¢ et al, 2016). 


In 2018 the European Commission presented the basis for two sets of 
negotiations, with the United States (USA) and for the Second Additional 
Protocol to the "Budapest" Convention of the Council of Europe on cybercrime. 
Both documents provide for strong data protection and privacy measures, and 
concern the provision of cross-border access to electronic evidence in criminal 
investigations. In the negotiations with the USA, it is proposed to introduce a 
binding European production order and a European evidence preservation order. 
Both orders must be issued or certified by a judicial authority of the Member 
State. An order may be issued to request the retention or production of data stored 
by a service provider located in another country, which is required as evidence in 
criminal investigations or proceedings. The second act introduces the obligation 
for service providers to appoint a legal representative in the Union who will 
ensure the reception, compliance and execution of decisions so that competent 
national bodies can collect evidence in criminal proceedings. The resulting 
reduction of obstacles would ensure better functioning of the internal market in a 
manner consistent with the development of the common area of freedom, security 
and justice. 


A significant step forward in the fight against cybercrime is Directive 
2019/713/EU on fraud in non-cash payments, which updates the legal framework, 
removes obstacles to operational cooperation and increases prevention and 
assistance to victims, in order to actions to enforce the law against fraud and 
forgery of non-cash means of payment were more effective. The last in a series of 
acts related to internet security is the Temporary Regulation for regulating the 
processing of personal and other data with the aim of combating sexual abuse of 
children from September 10, 2020, created on the basis of Directive 2002/58/EC. 


The Republic of Serbia adopted the Law on the Organization and Competence of 
State Authorities for the Fight against High-Tech Crime (VTK Law) in 2005, 
which established an institutional framework for the fight against cybercrime, as 
the Law provided for the formation of a specialized unit of the Ministry of 
Interior, as well as special judicial and prosecutorial bodies. for the fight against 
high-tech crime, the Special Prosecutor's Office for high-tech crime as part of the 
Higher Public Prosecutor's Office in Belgrade, the High Court as a first-instance 
court, and the Court of Appeal in Belgrade as a second-instance judicial body. 
The law was passed after the adoption of the Budapest Convention and the 
Additional Protocol was harmonized with them, which started the application of 
international standards important for this area. The Criminal Code of the Republic 
of Serbia, adopted in 2005, introduces computer crimes into the legal system. At 
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the beginning of 2009, the National Assembly of the Republic of Serbia ratified 
the Budapest Convention and the Additional Protocol by means of special laws, 
but also adopted new and supplemented the existing legal and by-laws of 
importance. In the screening report for Chapter 24 "Justice, Freedom, Security" 
which was done in 2014, the European Commission found that Serbia is among 
the countries where the risk of cyber attacks is higher, which is why it is necessary 
to continue work on training competent bodies for combat against those attacks, 
but also on raising users' awareness of the risks they are exposed to (Krivokapic, 
Petrovski, 2016). 


The Law on Electronic Communications regulates for the first time the conditions 
and manner of performing activities in the field of electronic communications, the 
competence of state authorities, as well as the protection of the rights of users and 
subscribers, the security and integrity of electronic communication networks and 
services, the secrecy of electronic communications, the lawful interception and 
retention of data, as well as other issues of importance for the functioning and 
development of electronic communications in the Republic of Serbia. The law 
was adopted with the intention of protecting users' privacy from unauthorized 
access to their digital records and data from their profiles (Darijevi¢c, 2021). 


In addition to legal and by-laws, the Information Society Development Strategy 
2010 - 2020 was adopted and the Serious and Organized Crime Threat 
Assessment (SOCTA) was carried out in 2015. The assessment is a strategic 
document that considers various forms of serious and organized crime, including 
cybercrime, which provides the basis for the operational work of the police in 
accordance with existing trends (Krivokapi¢, Petrovski, 2016). 


The Law on Information Security, which entered into force in February 2016, 
applies to legal entities. The establishment of institutions is prescribed, among 
which the most important is the National Center for the Prevention of Security 
Risks in ICT Systems, the domestic CERT team. He is entrusted with collecting 
information, classifying information about incidents and risks, raising awareness 
among citizens and cooperating with public and business entities (Dukic, 2018). 
After that, in March 2016, the Body for the Coordination of Information Security 
Affairs was established, with which the Republic of Serbia joined the network of 
national bodies for the exchange of information and the fight against crime, as 
prescribed by Directive 2013/40/EU. 


Conclusion 


Information security is defined as a set of measures that enable data handled 
through computer systems to be protected from unauthorized access, as well as to 
protect the integrity, availability, authenticity and non-repudiation of that data, so 
that the system functions as intended, when intended. and under the control of 
authorized persons. Since the EU, unlike some other organizations, does not have 
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the capacity to provide direct assistance to members under cyber attack, it acts as 
an intermediary to help share knowledge and experience and support the adoption 
of best practices for individual problems. The role that the EU has in terms of 
training, cooperation and connecting members in the fight against high-tech 
crime, as well as the private-public partnership that proves to be indispensable in 
the successful discovery, collection and preservation of evidence, which is the 
basic mode of action in the Union, increases the importance of the EU in the fight 
against cyber crime. Relying on the powers granted by the Treaty of Lisbon 
(TFEU), the Union systematically creates a unique legal framework that fully 
identifies those responsible for countering cyber attacks, harmonizes and 
complements the substantive and procedural criminal law of the members, and 
thus strengthens the internal security system of the Union as a whole. 


Serbia has signed the Council of Europe Convention on Cybercrime and has 
largely harmonized its legislation with the 2013 Directive on Attacks on 
Information Systems. Amendments to the law are needed, especially in the part 
related to securing and collecting evidence and sanctions, so that the legislation is 
fully harmonized with EU regulations. In the Report on Serbia's progress in 2014 
and 2015, the EU Commission pointed out that it is necessary to further 
harmonize the legal framework related to child pornography. One of the demands 
was the adoption of a strategy on high-tech crime. With the Action Plan for 
Chapter 24, the Government of Serbia has provided measures that will harmonize 
its laws with the legislation and standards of the European Union for the fight 
against high-tech crime through the analysis of the existing legal framework, the 
drafting of laws and other regulations based on the analysis in order to improve 
organizational, human and technical capacities authorities in charge of combating 
high-tech crime, and above all training of employees in the Special Public 
Prosecutor's Office and the police unit for high-tech crime. The action plan for 
Chapter 24 foresees additional specialized training in order to strengthen the 
capacities of state bodies responsible for the fight against high-tech crime. Within 
the High-tech Crime Department of the Ministry of Interior, specialized units for 
investigations of credit card abuse, internet commerce and internet banking and a 
unit for suppressing illegal and harmful content on the internet were established, 
which should contribute to better conducting investigations and gathering 
evidence. With the mentioned amendments to the legislation and _ the 
establishment of national bodies, Serbia has fulfilled the minimum conditions 
stipulated by the legal framework of the Union for combating cyber attacks. 


In addition to expert bodies dealing with the detection and prosecution of 

perpetrators of criminal acts, cooperation between the private and public sectors, 

civil society organizations dealing with high-tech security and the fight against 

high-tech crime, and the academic community is necessary. Many countries are 

extremely slow and inadequately trained to respond to these threats, which can be 

remedied by better international exchange of experience and best practice in the 
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field of cyber security, which is facilitated by the adoption of a large number of 
multilateral agreements. 
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